- It was discovered that Cocospy and Spyic were filtering confidential information
- Developers do not respond and errors have not been solved
- The photos of people, messages, call records and more are at risk
Email addresses, text messages, call records, photographs and other confidential data, which belong to millions of people, may have been exposed online thanks to a couple of defective spyware applications.
Spyware applications, often also called “spouse software”, are applications that people install covered in mobile devices that belong to their partners, children or the like. They are announced as legitimate monitoring applications, but essentially operate in the gray area and are not allowed in the main application stores, such as the App Store or Play Store.
A cybersecurity researcher recently analyzed Cocospy and Spyic, two popular spyware applications whose code apparently has significant overlays that allowed the researcher to extract confidential information from their servers.
Email addresses and more
TechcrunchHe first reported on the findings, said the error was “relatively simple to explode”, but to protect the victims, he decided not to share any details at this time.
When a person wants to install the Spyware on another person’s device, you must first use an email address to register an account.
The researcher achieved 1.81 million email addresses used to register in Cocospy, and approximately 880,000 addresses used for Spyic. In addition to the email addresses, the researcher managed to access the majority of the data harvested by the applications, including images, messages and call records.
Due to the nature of applications, developers do everything possible to remain hidden and out of reach. Techcrunch deduced that developers are more likely of Chinese origin, but could not say with certainty, although there is some evidence that the developer could be 711.icu, whose website is not even loaded.
The operators did not respond to media consultations and, at the time of publication, have not addressed vulnerabilities.
